This behavior change is in the 2022_08 bundle. In the 6.35 release, the bundle is disabled by default.
For the most up-to-date details about the version and date in which it will be enabled, as well as other release-related details, see the Behavior Change Log.
When defining a SAML2 security integration to enable single sign-on, the security administrator specifies an X.509 certificate using the SAML2_X509_CERT parameter.
Snowflake now enforces the validity dates of these X.509 certificates so that expired certificates result in failed authentication. Certificates with a NotBefore date that has not yet occurred also fail authentication. The enforcement of validity dates cannot be disabled.
Previously:
Snowflake did not check the validity date of an X.509 certificate to see if it was expired or if the NotBefore date had not yet occurred.

Currently:
Snowflake enforces the validity dates of an X.509 certificate. If the current date does not fall within the validity dates of the certificate, authentication fails.
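A pre-flight check for the validity-date enforcement described above, as an added example that is not Snowflake's code: it reads the NotBefore and NotAfter fields from a certificate using only the Python standard library. It assumes the SAML2_X509_CERT value is the base64-encoded DER certificate without PEM header lines; the function names and the sample bytes are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

def _tlv(buf, pos):
    # Read one DER element at pos: returns (tag, value bytes, next position).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(buf):
    # Split the contents of a constructed element into (tag, value) pairs.
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = _tlv(buf, pos)
        out.append((tag, val))
    return out

def _time(tag, val):
    # UTCTime (0x17) or GeneralizedTime (0x18) -> timezone-aware UTC datetime.
    text = val.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit years 50-99 mean 19xx, 00-49 mean 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity_window(cert_b64):
    # cert_b64: base64 DER certificate (assumed format of the SAML2_X509_CERT value).
    der = base64.b64decode("".join(cert_b64.split()))
    _, cert, _ = _tlv(der, 0)                  # Certificate ::= SEQUENCE
    fields = _children(_children(cert)[0][1])  # fields of tbsCertificate
    if fields[0][0] == 0xA0:                   # optional [0] EXPLICIT version
        fields = fields[1:]
    # Remaining order: serialNumber, signature, issuer, validity, ...
    (t1, v1), (t2, v2) = _children(fields[3][1])
    return _time(t1, v1), _time(t2, v2)

def check(cert_b64, now=None):
    now = now or datetime.now(timezone.utc)
    not_before, not_after = validity_window(cert_b64)
    if now < not_before:
        return "not yet valid"
    return "expired" if now > not_after else "valid"

# Constructed sample: bare DER skeleton (not a real signed certificate), 2022-01-01 to 2023-01-01.
SAMPLE = base64.b64encode(bytes.fromhex("302e302ca00302010202010130003000301e170d")
    + b"220101000000Z" + bytes.fromhex("170d") + b"230101000000Z").decode()
print(check(SAMPLE), validity_window(SAMPLE))
```

Passing a future date as `now` shows how long the certificate has left before authentication would start failing.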
Ref: 842